Afanasiev Dmytro
Allows using an Azure certificate for scans:

```bash
$ export AZURE_TENANT_ID=***
$ export AZURE_CLIENT_ID=***
$ export AZURE_SUBSCRIPTION_ID=1a906b4d-8e6b-4c99-bd21-4b2e7dfd27e3
$ export AZURE_CLIENT_CERTIFICATE_PATH=/var/folders/4v/1g0nk6j110d8mf71wk8yyqnm0000gn/T/tmpn5cqxnke
$ export AZURE_CLIENT_CERTIFICATE_PASSWORD=qwerty
$ custodian run --cache-period=0 --output-dir=scan/scan scan/policy.yaml
2024-02-28...
```
# GCP

- [x] gcp.artifactregistry-repository cloud-custodian/pull/8444
- [x] gcp.artifactregistry-repository.filters.gcp-iam-policy-filter cloud-custodian/pull/8444
- [x] gcp.audit-config (no use case)
- [x] gcp.bigtable-instance cloud-custodian/pull/8519
- [x] gcp.bigtable-instance-cluster cloud-custodian/pull/8519
- [x] gcp.bigtable-instance-cluster-backup cloud-custodian/pull/8519
-...
## network-interface-assignment

```yaml
policies:
  - name: asb_fw_traffic_route
    description: |
      Virtual network with network interface assigned to virtual machine where firewall subnet resides and no route tables configured
    resource: azure.vnet
    filters:...
```
Use case:

```yaml
policies:
  - name: example
    resource: azure.stream-job
    filters:
      - type: diagnostic-settings
        enabled: false
```
Added `azure.sql-managed-instance` and its filters:

- `encryption-protectors`
- `security-alert-policies`
- `vulnerability-assessments`

Use cases:

### vulnerability-assessments

```yaml
policies:
  - name: managed-instances-with-vulnerability-recurring-scan-enabled
    resource: azure.sql-managed-instance
    filters:
      - type: vulnerability-assessments
        attrs:
          - type: value...
```
## firewall-bypass

Use case:

```yaml
policies:
  - name: -cis_db_postgre_access
    description: |
      PostgreSQL Database Server with 'Allow access to Azure services' enabled
    resource: azure.postgresql-server
    filters:
      - type: firewall-bypass
        mode: equal
        list:...
```
[describe_environments](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/elasticbeanstalk/client/describe_environments.html) returns terminated environments (at least those that were terminated recently), but [list_tags_for_resource](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/elasticbeanstalk/client/list_tags_for_resource.html#list-tags-for-resource) raises `ResourceNotFoundException` if we try it with a terminated environment.

So, if I try to execute the...
Example:

```yaml
policies:
  - name: app-flow
    resource: app-flow
    filters:
      - type: kms-key
        key: KeyManager
        value: AWS
```
Example

```yaml
policies:
  - name: elastic-beanstalk
    resource: aws.elasticbeanstalk-environment
    filters:
      - type: configuration-settings
        attrs:
          - OptionName: Period
          - Value: "5"
```
Example:

```yaml
policies:
  - name: disk-without-snapshots-within-14days
    resource: azure.disk
    filters:
      - type: snapshots
        attrs:
          - type: value
            key: properties.timeCreated
            value_type: age
            value: 14
            op: le
        count: 0
```